EnergySec is excited to announce Lena Smart as the recipient of the Energy Sector Security Executive of the Year, and Adam Crain and Chris Sistrunk as the Energy Sector Security Professionals of the Year. In selecting the Executive of the Year, we looked for a person who was in senior management, and directly responsible for cybersecurity functions. Additionally, they should demonstrate leadership and engagement in the electric sector community, above and beyond what is normally expected. Ms. Smart demonstrates all of these qualities. She is the Chief Information Security Officer of the New York Power Authority. She has worked in cybersecurity for over 20 years, and has been at NYPA for 13 years, including managing their cybersecurity group for 10 years. Ms. Smart is a frequent speaker and panelist at conferences, with a focus on effective ways in which utilities can combat the threats posed by foreign and domestic attackers.
For the Energy Sector Professional of the Year, we looked for somebody who helped to make the whole Energy Sector more secure. Chris Sistrunk and Adam Crain have done that. Mr. Crain and Mr. Sistrunk worked together on their Project Robus research, finding 26 vulnerabilities in products, mostly those using DNP3. They created, and released, an open-source protocol fuzzer, which they used for their research. This research has directly led to almost three dozen vulnerability patches from vendors. Almost every utility uses DNP3, and their responsible disclosure of vulnerabilities, through vendors and ICS-CERT, has helped to make utilities more secure.
Mr. Sistrunk recently became a Senior Consultant in Mandiant’s Strategic Solutions Consulting practice, focusing on cyberseucrity for industrial control systems and critical infrastructure. Prior to that, he was a Senior Engineer in the Transmission & Distribution Technical Services department for Entergy. He was responsible for RTU/SCADA integration, digital fault records, cybersecurity, substation automation, distribution automation, root cause analysis, and standards support. He also oversaw the T&D RTU/Relay lab, where he tested existing equipment and evaluated new equipment. He is a member of IEEE and the DNP Users Group. He has a BS in Electrical Engineering from Louisiana Tech University, and is currently working towards his MS in Engineering and Technology Management. He has also presented at several conferences, helped create the ICS Village at Def Con, and helped found the BSidesJackson conference, Mississippi’s first information security conference.
Adam Crain is a control system engineer, security researcher, and open source advocate. In 2012, he started his own venture, Automatak, to improve the penetration of robust open source software in the utility space. He is the principal author of opendnp3, an implementation of IEEE 1815 (DNP3).
All three honorees received their awards at the EnergySec Security Summit Awards Gala, in Austin, TX on August 21.
(all photos courtesy of Lisa Carrington)